package controllers.admin.permission;

import controllers.admin.secure.Security;
import controllers.admin.secure.Security;
import controllers.deadbolt.RestrictedResourcesHandler;
import models.permission.User;
import models.deadbolt.AccessResult;
import play.mvc.Scope.Session;

import java.util.List;
import java.util.Map;

public class AclRestrictedResourcesHandler implements
        RestrictedResourcesHandler {

	/**
	 * 验证每个功能
	 * @param resourceNames the names of the resource
	 * @param resourceParameters additional information on the resource
	 * @return
	 */
	@Override
	public AccessResult checkAccess(List<String> resourceNames, Map<String, String> resourceParameters) {
		if (resourceNames.size() == 0)
			return AccessResult.DENIED;

		User user = Security.currentUser();
		if (user == null)
			return AccessResult.DENIED;

		Long role_id = user.role==null?null:user.role.id;
		if (role_id == null)
			return AccessResult.DENIED;

		models.permission.Role role = models.permission.Role.findById(Long
				.valueOf(role_id));
		if (role.hasResources(resourceNames)) {
			return AccessResult.ALLOWED;
		}
		if ("超级管理员".equals(role.name)) {
			return AccessResult.ALLOWED;
		}
		return AccessResult.DENIED;
	}
}
